Cisco Duo, a leading provider of multi-factor authentication (MFA) services, has issued a warning to customers regarding a cyberattack on their telephony provider. Hackers managed to breach the provider’s systems, gaining access to VoIP and SMS logs containing MFA messages for some customers. The breach, discovered on April 1, 2024, stemmed from a phishing attack that compromised employee credentials, allowing the threat actor to download message logs associated with specific Duo accounts between March 1, 2024, and March 31, 2024.
While the breach did not involve the contents of the messages or the ability to send messages to customers, the stolen logs contain sensitive data such as phone numbers, carrier information, locations, dates, times, and message types. Although the impacted supplier took immediate action to invalidate compromised credentials, analyze activity logs, and notify Cisco Duo, concerns remain about potential phishing attacks using the stolen information. In response, Cisco is urging impacted customers to be vigilant and report any suspected social engineering attempts, while also recommending educational efforts to mitigate future risks.
This incident underscores the growing threat of social engineering attacks targeting MFA systems and the potential consequences of compromised authentication mechanisms. With the FBI warning of increased SMS phishing and voice call attacks in corporate breaches, organizations must remain vigilant and proactive in defending against such threats. As investigations continue and security measures are enhanced, affected customers are encouraged to stay informed, report suspicious activity, and collaborate with Cisco Duo to mitigate the impact of the breach and safeguard against future incidents.
